NOTAUTH on dynamic zone update
Benedikt Gollatz
benedikt at gollatz.net
Mon Feb 16 03:08:01 UTC 2009
Hello everyone,

I use nsupdate to dynamically update a reverse lookup zone hosted by my
BIND9 setup. For that purpose, I've created host-type HMAC-MD5 keys,
added an appropriate "key" section to my configuration, added the updating
host to the "controls" section, and added an "allow-update" parameter to the
zone configuration like this:

zone "[...]" in {
        type master;
        [...]
        allow-update { key "key-name"; };
};

I pass the key to nsupdate using one (either) of the keyfiles generated by
dnssec-keygen with the -k parameter.

Unfortunately this doesn't work. When running nsupdate, I get a "failed: not
authoritative for update zone (NOTAUTH)" error in my server log file, and no
updating is done.

I'm confused about the error message because both the BIND configuration file
and the SOA record of the zone state that the server indeed is authoritative
for the update zone.

Also, this configuration works fine with a dhcpd updating a different zone
hosted by the same server.

Googling yields a few people with similar problems but no real solution. Any
hints on what I might be doing wrong are appreciated.

Benedikt